Her mother appealed to Facebook, seeking to get into her daughter’s account to read her posts and chat history, looking for clues that might indicate whether the teenager had been bullied before her death.

According to Reuters, Wednesday’s decision overturned an earlier verdict from a lower court. Unlike the earlier decision, the Berlin appeals court said that the girl’s rights to private telecommunications included her electronic communications, which, it decided, were meant to be read only by those with whom the girl had communicated.

The girl’s name has been withheld. At some point after her death, Facebook memorialized her account.

That means that Facebook completely removed the dead girl’s data, changed the privacy setting so that only confirmed friends could view her profile or search for it, removed her status updates, and locked the account so that nobody in the future could log in. As Facebook describes in its policy, the account was transformed into “a place where people can save and share their memories of those who’ve passed”.

Two years ago, a regional court in Berlin had sided with the girl’s mother, saying that the right to privacy wasn’t protected for a minor. No, the appeals court said last week, the right to privacy outweighed the right of her parents to inherit her data.

The case has once again brought up the complicated question of who has the right to unlock our social media accounts, our bank accounts, our eBay accounts, our creative output on Instagram, or any other aspect of our online presences or intellectual property after we die.

The answer depends, in part, on where you live. As Reuters points out, Germany has a fierce devotion to privacy rights, its memories of extensive surveillance by Communist East Germany’s Stasi secret police and by the Nazi-era Gestapo still potent.

The question has played out in other countries, including the US. In the state of Virginia, a law that focuses on unlocking the online accounts of minors was born out of a similar, tragic case of a teen’s suicide. His family, just as the Berlin family, had unsuccessfully tried to access their child’s Facebook page to search for answers.

In August 2014, Delaware became the first state in the US to enact a broad law that ensures families’ rights to access the digital assets of loved ones during incapacitation or after death, just as if those assets were physical objects such as papers stored in a filing cabinet.

According to the Pew Charitable Trusts, as of July 2014, at least eight other US states had enacted some form of legislation dealing with digital assets, and at least 10 other states were considering legislation.

A more current list of state laws – last updated in March 2017 – showed that many other states have passed laws since. The most recent was in South Dakota, where the governor signed a law in March that authorized a decedent’s personal representative or trustee to access and manage digital assets and electronic communications.

The questions of privacy vs. families being left in the lurch, missing out on auto payment notices or other financial communications sent to their loved ones via email, are thorny.

State laws have differed. The first law to pass in the US, in Delaware, ruled that digital assets including email, cloud storage, social media accounts, health records, content licenses, databases and more would become part of a person’s estate upon death, and the entities who control access to those assets would be required to provide the legal executor with control over the deceased’s digital assets.

Such a law has made service providers such as Facebook squirm. Back when Delaware was passing its law, a coalition of 21 technology and media companies argued against such legislation, raising issues such as those regarding liability: particularly relevant when an email contains information about a third party.

Jim Halpert, an attorney that represented the coalition:

If somebody died who’s a drug counselor or psychiatrist or doctor, they’re likely to have a lot of stuff in their email from patients, which is quite confidential. Under these bills, the fiduciary gets everything. They could turn around and file a very costly class action lawsuit against the service provider.

Others have called such fears a red herring, given that before the internet, doctors and drug counselors kept files with confidential information that could be accessed by a fiduciary if they died.

That fiduciary would bear the liability if confidential information was released in either digital or analog form.

But the tech industry has also argued that digital assets laws are in direct conflict with a federal law, the Electronic Communications Privacy Act, which prohibits custodians of digital assets from releasing them to a third party without the sender’s or receiver’s permission or a court order.

That’s what a Rhode Island law stipulated: it requires that executors get a court order to access email accounts of people who die and indemnifies the provider from liability.

But as the Berlin case clearly demonstrates, many are wary of digital assets laws, not on the grounds of liability, but rather on the grounds of privacy. They argue that online accounts and their content should die with the deceased, unless he or she has left explicit plans indicating otherwise.

People live with personal information that they do not wish to share with, say, their parents or their significant others. The best course of action should be to respect this decision, even after death, unless the deceased takes steps to allow their estate’s administrator access to their email.

Take care of these things while you can

Regardless of where we live, we can help our families avoid the problems that arise when we die and leave them locked out of our digital selves.

Some of the tools that internet companies have made available to help:

It gives users the option of sharing data or having the account deleted entirely if you haven’t logged in for an amount of time that you yourself can specify.

Don’t wait around for every keeper of your in-the-cloud valuables to come up with a plan for deleting your data, though.

To avoid having data fall into the wrong hands, or not getting to your heirs, draw up a digital will along with your regular will.

There are plenty of tools out there that can help.

The Digital Beyond offers this list of online services that includes not only digital estate planning but also posthumous email services and online memorials.

One such service is Afternote.com: a place to store details of your wishes for your funeral, a bucket list of things you want to do while you’re still alive, and a list of how you’d like your social media pages to be treated after your death, all of which you can share with up to three nominated trustees. It requires that your trustees have Afternote accounts.

You also might consider setting up a way for trusted people to get at all your accounts in one fell swoop. LastPass, for one, gives users the option of appointing someone whom they trust with emergency access to their password vault. Emergency access allows users to invite such people – who have to first sign up to be LastPass users, similar to Afternote – but to also retain the ability to decline their access request within a specific waiting period. That can help to protect your accounts from being compromised, be it by mistake or by trustworthy people becoming untrustworthy.

Then again, there are good reasons not to share passwords, as pointed out by our own editor, Kate Bevan, in a MoneyWise article from three years ago. For one thing, Facebook policy prohibits users sharing login details for their accounts. If you’re scrupulous about adhering to policies like that, you likely won’t want anybody to log in after your death, though Facebook itself has said that the decision to leave behind your login information is up to users.

Also, be careful about including account credentials in your will. It is, after all, a public document – which means that anyone can view it, complete with your passwords, after your death.

Post navigation

About the author

Lisa has been writing about technology, careers, science and health since 1995. She rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash and joined the freelancer economy. Alongside Naked Security Lisa has written for CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output.

I’m really glad it ended up being denied. She has no right to snoop into her daughter’s communications; she is not the police. If the police find it suspicious, they will use the established channels; this really reads like a nosy mother with too much time and money trying to poke her nose into things she shouldn’t.

Children aren’t their parents’ property. They are sentient beings with their own rights. Parents do not get to poke their big noses into someone else’s data without permission just because they’re parents.

I’ll take a guess you don’t have kids. On the same token you’re using, if the kids being manipulated by someone, and maybe getting other kids to commit suicide shouldn’t someone care? It’s not like the parents are looking to ruin the dead childs life. If anything they may want vengeance, or understanding which I would fully support.